

AD-A214 597

| REPORT DOCUMENTATION PAGE                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |                                                          |                                         | Form Approved<br>OMB NO. 0704-0188                                  |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------|-----------------------------------------|---------------------------------------------------------------------|
| <p>Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing the burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503.</p> |                                                          |                                         |                                                                     |
| 1. AGENCY USE ONLY (Leave blank)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | 2. REPORT DATE                                           | 3. REPORT TYPE AND DATES COVERED        |                                                                     |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | April 1979                                               | Final                                   |                                                                     |
| 4. TITLE AND SUBTITLE<br><br>RELIABILITY EVALUATION OF COMPUTER SYSTEMS                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |                                                          |                                         | 5. FUNDING NUMBERS<br><br>61102F<br>2304/A6                         |
| 6. AUTHOR(S)<br><br>Edward J. McCluskey      M. Danielle Beaudry                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |                                                          |                                         |                                                                     |
| 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES)<br><br>Stanford Electronics Laboratory<br>Stanford University<br>Stanford, CA 94305                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |                                                          |                                         | 8. PERFORMING ORGANIZATION REPORT NUMBER<br><br>TR-42-1304          |
| 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES)<br><br>AFOSR<br>BLDG 410<br>BAFB DC 20332-6448                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |                                                          |                                         | 10. SPONSORING/MONITORING AGENCY REPORT NUMBER<br><br>AFOSR 77-3325 |
| 11. SUPPLEMENTARY NOTES                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |                                                          |                                         |                                                                     |
| 12a. DISTRIBUTION/AVAILABILITY STATEMENT                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |                                                          |                                         | 12b. DISTRIBUTION CODE                                              |
| <p>1. ABSTRACT (Maximum 200 words)</p> <p>DTIC ELECTED NOV 28 1989</p> <p><b>S B D</b></p>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |                                                          |                                         |                                                                     |
| <p>DISTRIBUTION STATEMENT A</p> <p>Approved for public release;<br/>Distribution Unlimited</p>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |                                                          |                                         |                                                                     |
| 14. SUBJECT TERMS                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |                                                          |                                         | 15. NUMBER OF PAGES<br>63                                           |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |                                                          |                                         | 16. PRICE CODE                                                      |
| 17. SECURITY CLASSIFICATION OF REPORT<br>unclassified                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | 18. SECURITY CLASSIFICATION OF THIS PAGE<br>unclassified | 19. SECURITY CLASSIFICATION OF ABSTRACT | 20. LIMITATION OF ABSTRACT                                          |

NSN 7540-01-280-5500

Standard Form 298 (890104 Draft)  
Prescribed by ANSI Std Z39-18  
298-01

89 11 27 115



132

RELIABILITY EVALUATION OF COMPUTER SYSTEMS

FINAL SCIENTIFIC REPORT

AIR FORCE OFFICE OF SCIENTIFIC RESEARCH

Grant Number AFOSR 77-3325  
1 April 1977 to 30 April 1979

Principal Investigator: Professor Edward J. McCluskey

Project Leader: Dr. M. Danielle Beaudry

Submitted by

Center for Reliable Computing  
Computer Systems Laboratory  
Departments of Electrical Engineering and Computer Science  
Stanford University  
Stanford, California 94305

RELIABILITY EVALUATION OF COMPUTER SYSTEMS

FINAL SCIENTIFIC REPORT

Air Force Office of Scientific Research  
Grant Number AFOSR-77-3325  
1 April 1977 to 30 April 1979

Principal Investigator: Professor Edward J. McCluskey

Project Leader: Dr. M. Danielle Beaudry

Submitted by

Center for Reliable Computing  
Computer Systems Laboratory  
Departments of Electrical Engineering and Computer Science  
Stanford University  
Stanford, California 94305

ABSTRACT

This report summarizes research conducted at the Center for Reliable Computing with the support of the Air Force Office of Scientific Research from 1 April 1977 to 30 April 1979. Results and current work in various aspects of computer system reliability evaluation are described.

## TABLE OF CONTENTS

|                                                                |      |
|----------------------------------------------------------------|------|
| Abstract                                                       | i    |
| Table of Contents                                              | ii   |
| Section                                                        | Page |
| 1. INTRODUCTION                                                | 1    |
| 2. RESEARCH DESCRIPTION                                        | 3    |
| 2.1 Reliability Evaluation of Fault-Resistant Computer Systems | 3    |
| 2.2 System Level Reliability Analysis                          | 9    |
| 2.3 Component Level Reliability Analysis                       | 11   |
| 3. MEETINGS                                                    | 15   |
| 4. PERSONNEL                                                   | 17   |
| 5. REFERENCES                                                  | 18   |
| APPENDIX A DESCRIPTION OF THE CENTER FOR RELIABLE COMPUTING    | 22   |
| APPENDIX B RESUMES                                             | 40   |

|                    |                                     |
|--------------------|-------------------------------------|
| Accession For      |                                     |
| NTIS GRA&I         | <input checked="" type="checkbox"/> |
| DTIC TAB           | <input type="checkbox"/>            |
| Unannounced        | <input type="checkbox"/>            |
| Justification      |                                     |
| B. Distribution/   |                                     |
| Availability Codes |                                     |
| Dist               | Avail and/or<br>Special             |
| A-1                |                                     |

## 1. INTRODUCTION

This final scientific report describes various activities at the Center for Reliable Computing (CRC) of Stanford University's Computer Systems Laboratory. Section 2 describes various research topics which appeared in publications by CRC personnel. Section 3 contains a list of technical conferences and meetings attended by CRC personnel. Section 4 contains a list of CRC personnel involved in reliability studies. The list of references in Section 5 contains both references and CRC publications. Throughout this report, references to CRC research publications are identified by a \*. Publications supported by this grant are identified by a +.

The principal research results have produced mathematically tractable means to analyze gracefully degrading computing systems from a reliability, performance, and diagnosability point of view. Several actual computing systems were used as examples of techniques described in this report. These systems included:

1. DAIS, a multiprocessor for avionics applications,
2. PRIME, a multiprocessor developed at the University of California at Berkeley,
3. the Stanford Linear Accelerator Center's Triplex multiprocessor, and
4. SIRU, a dual redundant computer for navigation and control in avionics.

The testing of digital circuits for both permanent and intermittent failures was also extensively studied resulting in reasonable and practical methods for random and deterministic testing strategies. Design techniques for producing self-checking circuits which avoid duplication were shown to be useful in combinational circuit design. Redundant digital systems, resilient to synchronization and data matching problems, were described as well as design techniques for achieving tolerance to these failures.

## 2. RESEARCH DESCRIPTION

This section describes research efforts focussed on various aspects of the reliability evaluation of computer systems. McCluskey\* [1977+] discussed the importance of reliability and maintainability in the design of computer architectures. Reliability evaluation of fault-resistant systems concentrated on a study of gracefully degrading (also called fail-softly) computing systems, simulation techniques for reliability evaluation, and communication strategies for fault-tolerant computer networks. System level reliability analysis included studies of various multiprocessor computer systems. Computer system component reliability evaluation concentrated on the problems involved in testing and designing digital circuits.

### 2.1 RELIABILITY EVALUATION OF FAULT-RESISTANT COMPUTER SYSTEMS

The major modeling effort concentrated on fault-resistant computer systems. Fail-softly or gracefully degrading computing systems react to a detected failure by reconfiguring to a state which might have a decreased level of performance. For example, if a single processor of a multiprocessor system fails, the system may continue to operate without the faulty processor, but will have

decreased performance until the processor can be repaired and then reconfigured into the system. Three areas particularly relevant to the analysis of such systems were studied at the Center for Reliable Computing:

1. analytic modeling,
2. appropriate reliability measures, and
3. diagnosis models.

Other research explored the use of a general purpose simulator to study simulation as a means of reliability evaluation in digital systems. The problems of fault-tolerant communication in computer networks were also examined.

The use of Markov models for the reliability evaluation of gracefully degrading systems was described by Losq\* [1977]. His model analyzed the effects of failures on such systems and took into account the internal structure of the hardware, the characteristics of various detection mechanisms, and the unreliability of software. The system was partitioned into resources, e.g. processing, memory, and operating system software, and each resource was modeled independently. System optimization gave the best number of modules in a resource and demonstrated the trade-offs between hardware and software detection mechanisms. The model provided values for the system availability, mean time before failure (MTBF), and the proportion of time that the

system spent in degraded modes.

Many important sources of system failure are not adequately modeled by techniques which require the assumption of constant failure rates. Beaudry\* [1979B+] discussed the probabilistic structure of several sources of computing system failure. Non-homogeneous Poisson processes provided the mathematical framework in which to model these failure mechanisms. The detection latency of a physical failure is the time which elapses between the occurrence of the physical failure and the detection of that failure at the system level. The rate at which detections of physical failures occur is dependent on the failure rate, the system testing strategy, and, very importantly, on the usage characteristics of the failed circuit or system. If the system usage varies during operation of a computing system then the detection rate will also vary. Non-homogeneous Poisson processes provided a model for such time-dependent phenomena in computing systems with varying usage characteristics.

Beaudry\* [1976, 1977, 1978A+, 1978D+] studied measures which were particularly relevant to the reliability evaluation of gracefully degrading systems. Differences in performance levels led to consideration of the computation capacity of a system as the amount of useful computation

(considering such performance factors as execution speed, throughput, response time, overhead and user demand) per unit time available on the system. The mean computation before failure, MCBF, and the computation availability were defined for such systems. These measures evaluated the system in terms of its capacity to execute computing tasks. Markov models permitted the development of measures to analyze the effects of distributing the computation load in a multiprocessor or gracefully degrading system. These measures were especially useful when evaluating systems where both reliability and performance were important.

The problem of self-diagnosis of multi-unit digital systems was considered by Blount\* [1977A, 1977B, 1978D+, 1978E+]. In such systems, each unit can test other units and/or be tested by other units. The system test consists of running and compiling test results from all unit tests in the system. As a result of the system test, a decision is made regarding the fault status (faulty or fault-free) of each unit. In Blount\* [1978C+, 1978E+], procedures were developed for calculating probabilistic diagnosability measures for systems that could be modeled in earlier graph-theoretic diagnosis models. This model was extended by allowing the modeling of self-testing units and including the uncertainties and imperfections of the testing process. Procedures were given for calculating:

1. the probability that a specified fault condition is correctly diagnosed, and
2. the probability that correct diagnosis is performed when a system test is performed.

A procedure was also given for deriving a diagnosis strategy that results in optimal system-wide diagnosability. This model formed the basis for a study of diagnosis in fail-softly or gracefully degrading computer systems. If a system is to survive a failure, four steps must be successfully taken:

1. the fault must be detected,
2. the fault must be accurately diagnosed,
3. the faulty unit must be removed from the system, and
4. the data base and system software must be returned to some acceptable state.

Blount\* [1978A+, 1978B+, 1978E+] allowed the decision step of the diagnosis procedure to be implemented by a set of faulty and/or fault-free units, thereby modeling a possible source of error in the diagnosis process.

Thompson\* [1977B+, 1977D+] described a simulation package designed to evaluate the reliability of digital systems. The simulator was designed to model many different types of systems, at varying levels of detail. The user was

given the capability to use the elements of the model in the way best suited to simulating the operation of a system in the presence of faults. The simulation package then generated random faults in a model using a Monte Carlo analysis to obtain reliability curves. When compared with other types of simulators, this simulator was found to provide a greater degree of flexibility in specifying the model for the system.

Betancourt\* [1979+] presented an excellent survey of available reliability evaluation computer programs. These programs can be classified into three main categories:

1. Fault tree analysis,
2. Reliability equations, and
3. Markov chain models.

References are provided for each program as well as a description of the computer language, input, output and underlying model.

The quality of service provided by a computer network is extremely sensitive to the performance of the inter-computer communication network. The loss of communication links or centers causes transmission delay, congestion, and can disconnect networks. Losq\* [1978A+, 1978B+] studied structures for communication networks that minimize the effects of failures on

performance. He proposed a measure for the fault-tolerance of store-and-forward packet switching networks which defined operational limits within a worst case response time. Properties of the networks led to simplification of routing algorithms and reconfiguration following failures.

## 2.2 SYSTEM LEVEL RELIABILITY ANALYSIS

Several actual computer systems have been analyzed using both analytical modeling and simulation. Losq\* [1977] applied his model to the PRIME system to derive the MTBF and availability of that system. The analysis examined both hardware and software failures and studied the effect of testing and hardware detection mechanisms on the overall system reliability.

Beaudry\* [1978A+, 1978B+, 1978C+] examined the effects of variations in system workloads on the overall system reliability and performance. A relationship was demonstrated between the system failure rate and the user demand for system resources. In particular, a strong relationship was shown between the arrival rate of batch jobs in a large multiprocessor and the failure rate of that multiprocessor computing system. Beaudry\* [1978A+, 1978E+] presented an extensive statistical analysis of failures in the SLAC (Stanford Linear Accelerator Center) Triplex

multiprocessor. The analysis demonstrated the effect of system workload on the overall reliability. Performance-related as well as traditional reliability measures were calculated; hardware, software and operator-induced system failures were taken into account.

The behavior of time-dependent failure rates was studied by Beaudry\* [1979B+] in two computer systems, the SLAC Triplex multiprocessor and DAIS, a multiprocessor system for avionics applications. Recurrent failures occur when the recovery process following a failure in a computing system is incomplete or incorrect. Such failures were shown to be a significant source of system down time in the SLAC Triplex multiprocessor. Recurrent failures were also shown to be a critical consideration in the DAIS architecture.

Blount\* [1978A+, 1978B+, 1978E+] studied the PRIME system and determined the sensitivity of the system diagnosability to various levels of test quality. He took into account the imperfections in both the system test and the decision steps of the diagnosis process. This study demonstrated the use of fail-softly systems diagnosis models as a research tool for the general study of diagnosis techniques.

The SIRU dual redundant system was extensively analyzed by Thompson\* [1977A+, 1977C+] using simulation to evaluate

the proposed design of this dual computer system. The system was modeled in sufficient detail to study the effects of certain design changes on the overall reliability. This study demonstrated that this simulation technique could be applied to complex systems and derived the conditions necessary to obtain a desired confidence in the results of the analysis.

### 2.3 COMPONENT LEVEL RELIABILITY ANALYSIS

Digital circuits must be designed to provide for both testability and maintainability. In [McCluskey\*, 1978A+, 1978B+], current techniques and issues in design for maintainability and testability are surveyed. CRC studied various testing strategies for intermittent and permanent failure detection, as well as issues involved in the reliable synchronization of redundant digital systems.

In digital circuits, intermittent failures are extremely difficult to detect. Their effects can disappear when a test is run and yet produce incorrect outputs. Losg\* [1978D+, 1978E+] studied the efficiency of test procedures to detect intermittent failures in combinational circuits. One of the factors contributing to the complexity of random testing is the fact that testing can never guarantee that a circuit is free from intermittent failures. As a

consequence, testing becomes a probabilistic problem and requires much information about the statistical properties of the failures and their effects on the circuit. If all this information is available, then it is possible to find the best test sequence and also to evaluate the confidence that the circuit is fault-free at the end of a test sequence when no error indication has been detected. The best test strategy is deterministic: it involves a given test sequence, or more exactly, a series of test sequences, depending upon the desired length of the test. This study of detection of intermittent failures in combinational circuits leads one to believe that the same results may apply to sequential circuits.

Random compact testing uses random inputs to test digital circuits. Losq\* [1978C+] studied the achievement of fault detection by comparing some statistic of the circuit under test, e.g., the frequency of logic ones at an output, with the value of that statistic previously determined for the fault-free circuit. He concluded that random compact testing can efficiently detect failures in both combinational and sequential circuits. Even though random compact testing cannot guarantee a specific confidence in its results, it is still an efficient way to detect most of the failures that can occur in circuits. With testing experiments of sufficient length, a very high detection

coverage can be obtained.

A general method for predicting the parity of the output of circuits that have one or more  $N$  bit wide inputs and a single  $N$  bit wide output is discussed by Khodadad-Mostashiry\* [1979A+, 1979B+]. Error detection properties of the method are discussed for several special cases, e.g., bit-sliced circuits and iterative circuits. When these circuits are fault-free, the output parity can always be calculated in such a way as to preserve any single input error. The error detection properties of the circuit depend on the structure of the circuit. Some design techniques to improve these detection properties are presented. The output parity of any bit-sliced or iterative circuit can be predicted and the resulting circuit can be designed so that it is totally self-checking with respect to any single stuck-at fault. This property can also be demonstrated for circuits which have the following restrictions:

1. Only inputs have fanout.
2. Each fanout has only two outputs.

The main advantage of this scheme over duplication is the error-preserving property which allows a minimal number of checkers to assure detection of permanent failures. The method is especially suitable for byte-oriented circuits and iterative circuits.

Davies\* [1979+] identified concepts and defined terms useful in the study of synchronization and data matching in the presence of faults. A new class of faults having particular effect on redundant systems was described. Three general methods for performing synchronization and data matching were given and evaluated. Three examples were described to illustrate the general method:

1. a fault-tolerant clock,
2. a triple modular redundant microcomputer system, and
3. a quadruple redundant process controller.

This work provided a comprehensive guide to design techniques for reliable redundant systems.

### 3. MEETINGS

In addition to publishing scientific articles, CRC personnel participated in various technical conferences and meetings including:

1. NAECON, in Dayton, Ohio, during May 1977, attended by Prof. E.J. McCluskey and Dr. J.J. Losq,
2. FTCS-7, the Seventh Annual International Conference on Fault-Tolerant Computing, in Los Angeles, California, during June 1977, attended by Prof. E.J. McCluskey, Dr. J.J. Losq, Dr. M.D. Beaudry, Dr. M.L. Blount, and P.A. Thompson,
3. the 1978 IEEE International Solid-State Circuits Conference, in San Francisco, California, during February 1978, attended by Prof. E.J. McCluskey,
4. the Fifth Annual Symposium on Computer Architecture in Palo Alto, California, during April 1978, attended by Prof. E.J. McCluskey, Dr. M.D. Beaudry, Dr. M.L. Blount, and P.A. Thompson,
5. FTCS-8, the Eighth Annual International Conference on Fault-Tolerant Computing, in Toulouse, France during June 1978, attended by Dr. M.L. Blount,
6. NCC, the 1978 National Computer Conference, in Anaheim, California, during June 1978, attended by Prof. E.J. McCluskey and Dr. M.D. Beaudry,

7. the Third USA-Japan Computer Conference, in San Francisco, California, during October 1978, attended by Prof. E.J. McCluskey, Dr. M.D. Beaudry, and P.A. Thompson,
8. the Fourth Symposium on Computer Arithmetic, in Santa Monica, California, during October 1978, attended by Prof. E.J. McCluskey and Dr. M.D. Beaudry,
9. GOMAC, the Government Microcircuit Applications Conference, in Monterey, California, during November 1978, attended by Prof. E.J. McCluskey,
10. COMPCON 79, in San Francisco, California, During February 1979, attended by Prof. E.J. McCluskey and Dr. M.D. Beaudry,
11. the NASA workshop held by the Working Group on Validation Methods for Fault-Tolerant Avionics and Controls, in Hampton, Virginia, during March 1979, attended by Prof. E.J. McCluskey, and
12. the Second Annual Workshop on Design for Testability, in Boulder, Colorado, during April 1979, attended by Prof. E.J. McCluskey.

#### 4. PERSONNEL

##### 4.1 CURRENT PERSONNEL

Principal Investigator: E. J. McCluskey, Professor of Electrical Engineering and Computer Science

Research Staff: M. Danielle Beaudry, Research Associate Electrical Engineering

Visiting Professor: John P. Hayes, Dept. of Electrical Engineering and Computer Science  
University of Southern California  
Los Angeles, California

Research Assistants: Steve Butner, Electrical Engineering  
Peter L. Fu, Electrical Engineering  
Behzad Khodadad, Electrical Engineering  
David J. Lu, Electrical Engineering  
Daniel Miller, Electrical Engineering

##### 4.2 PAST PERSONNEL

Research Staff: Jacques Losq, Electrical Engineering  
Rodolfo Betancourt, Electrical Engineering  
Roy C. Ogas, Electrical Engineering

Research Assistants: Marion Elount, Electrical Engineering  
Daniel Davies, Electrical Engineering  
Peter A. Thompson, Electrical Engineering

## 5. REFERENCES

[Beaudry, 1976]\* Beaudry, M.D., "Performance Related Reliability Measures for Computing Systems," Tech. Note No. 101, Digital Systems Laboratory, Stanford University, Stanford, California, December 1976.

[Beaudry, 1977]\* Beaudry, M.D., "Performance related reliability measures for computing systems," Seventh Ann. Symp. on Fault-Tolerant Computing (FTCS-7), Digest of Papers, pp.16-21, Los Angeles, California, June 28-30, 1977.

[Beaudry, 1978A]\*+ Beaudry, M.D., "Performance Considerations for the Reliability Analysis of Computing Systems," Ph.D. Dissertation, Stanford University, April 1978.

[Beaudry, 1978B]\*+ Beaudry, M.D., "Performance considerations for reliability analysis - a statistical case study," Proc. Eighth Ann. Symp. on Fault-Tolerant Computing (FTCS-8), pp.198, Toulouse, France, June 21-23, 1978.

[Beaudry, 1978C]\*+ Beaudry, M.D., "Performance Considerations for Reliability Analysis: A Statistical Case Study," Tech. Note No. 126, Computer Systems Laboratory, Stanford University, Stanford, CA, May 1978.

[Beaudry, 1978D]\*+ Beaudry, M.D., "Performance-related reliability measures for computing systems," IEEE Trans. on Comp., Special Issue on Fault-Tolerant Computing, Vol. C-27, No. 6, pp. 540-547, June 1978.

[Beaudry, 1978E]\*+ Beaudry, M. D., "A Statistical Study of Service Interruptions at the SLAC Triplex Multiprocessor," Tech. Rpt. No. 141, Computer Systems Laboratory, Stanford University, Stanford, California, May 1978.

[Beaudry, 1979A]\*+ Beaudry, M.D., "A Statistical Analysis of Failures in the SLAC Computing Center," Digest of Papers, Spring COMPCON 79, San Francisco, California, February 26 - March 1, 1979, pp. 49-52.

[Beaudry, 1979B]\*+ Beaudry, M.D., "Stochastic Behavior of Failures in Computing Systems," Tech. Note (in preparation), Computer Systems Laboratory, Stanford University, Stanford, California, 1979.

[Betancourt, 1979]\*+ Betancourt, R., "Reliability Evaluation Programs -- A survey," Tech. Note No. 119, Computer systems Laboratory, Stanford University, California, June 1979.

[Blount, 1977A]\* Blount, M.L., "Probabilistic treatment of diagnosis in digital systems," Seventh Ann. Symp. on Fault-Tolerant Computing (FTCS-7), Digest of Papers, pp.72-77, Los Angeles, June 28-30, 1977.

[Blount, 1977B]\* Blount, M.L., "Probabilistic Treatment of Diagnosis in Digital Systems," Tech. Note No. 102, Digital Systems Laboratory, Stanford University, Stanford, California, August 1977.

[Blount, 1978A]\*+ Blount, M.L., "Modeling of Diagnosis in Fail-Softly Computer Systems," Proc., 1978 International Symposium on Fault- Tolerant Computing (FTCS-8), pp. 53-58, Toulouse, France, June 21-23, 1978.

[Blount, 1978B]\*+ Blount, M.L., "Modeling of Diagnosis in Fail-Softly Computer Systems," Tech. Note No. 123, Digital Systems Laboratory, Stanford University, Stanford, California, September 1978.

[Blount, 1978C]\*+ Blount, M.L., "On the Calculation of the Parameter Set for the Probabilistic Diagnosis Model," Tech. Note No. 139, Computer Systems Laboratory, Stanford University, Stanford, California, September 1978.

[Blount, 1978D]\*+ Blount, M.L., "A probabilistic model for diagnosis in digital systems," Tech. Rpt. No. 144, Computer Systems Laboratory, Stanford University,

[Blount, 1978E]\*+ Blount, M.L., "Probabilistic Fault Diagnosis Models for Digital Systems," Ph.D. Dissertation, Stanford University, Stanford, California, September 1978.

[Davies, 1979]\*+ Davies, D., "Reliable Synchronization and Matching in Redundant Systems," Tech. Report No. 169, Computer Systems Laboratory, Stanford University, Stanford, California, January, 1979.

[Khodadad, 1979A]\*+ Khodadad-M, B., "Parity Prediction in Combinational Circuits," Tech. Note No. 151, Computer Systems Laboratory, Stanford University, Stanford, California, 1979.

[Khodadadé, 1979B]\*+ Khodadad-M, B., "Parity Prediction in Combinational Circuits," Ninth Annual Symposium on Fault-Tolerant Computing (FTCS-9), Madison, Wis., June 27-30, 1979.

[Losq, 1977]\*+ Losq, J., "Effects of failures on gracefully degradable systems," Seventh Ann. Symp. on Fault-tolerant Computing (FTCS-7), Digest of Papers, pp. 29-34, Los Angeles, California, June 28-30, 1977.

[Losq, 1978A]\*+ Losq, J., "Fault-Tolerant Communication Networks for Computer Networks," Eighth Annual Symposium on Fault-Tolerant Computing (FTCS-8), p. 204, Toulouse, France, June 21-23, 1978.

[Losq, 1978B]\*+ Losq, J., "Fault-Tolerant Communication Networks for Computer Networks," Tech. Note No. 127, Computer Systems Laboratory, Stanford University, Stanford, California, March, 1978.

[Losq, 1978C]\*+ Losq, J., "Efficiency of random compact testing," IEEE Trans. on Comp., Special Issue on Fault-Tolerant Computing, Vol. C-27, No. 6, pp. 516-525, June 1978.

[Losq, 1978D]\*+ Losq, J., "Testing for intermittent failures in combinational circuits," Proc., Third USA-Japan Computer Conference, pp. 165-170, San Francisco, California, October 10-12, 1978.

[Losq, 1978E]\*+ Losq, J., "Testing for intermittent failures in combinational circuits," Tech. Note No. 152, Digital Systems Laboratory, Stanford University, Stanford, California, March, 1978.

[McCluskey, 1977]\*+ McCluskey, E.J., "Reliability and Computer Architecture," Tech. Note No. 122, Digital Systems Laboratory, Stanford University, Stanford, California, December 1977.

[McCluskey, 1978A]\*+ McCluskey, E. J., "Design for Maintainability and Testability," Proc., Government Microcircuit Applications Conference, pp. 44-47, Monterey, California, November 14-16, 1978.

[McCluskey, 1978B]\*+ McCluskey, E.J., "Design for maintainability and testability," Tech. Note No. 145, Computer Systems Laboratory, Stanford University, Stanford, California, September 1978.

[Thompson, 1977A]\*+ Thompson, P.A., "Critique of the SIRU dual computer system," Tech. Note No. 111, Digital Systems Laboratory, Stanford University, Stanford, California, August 1977.

[Thompson, 1977B]\*+ Thompson, P.A., "A Simulator for the Evaluation of Digital System Reliability," Tech. Rpt. No. 119, Digital Systems Laboratory, Stanford University, Stanford, California, August 1977.

[Thompson, 1977C]\*+ Thompson, P.A., "Using simulation to evaluate the reliability of a dual computer system," Tech. Rpt. No. 121, Digital Systems Laboratory, Stanford University, Stanford, California, August 1977.

[Thompson, 1977D]\*+ Thompson, P.A., "Manual for a general-purpose simulator used to evaluate reliability of digital systems," Tech. Rpt. No. 132, Digital Systems Laboratory, Stanford University, Stanford, California, August 1977.

APPENDIX A

DESCRIPTION OF THE CENTER FOR RELIABLE COMPUTING

DESCRIPTION OF THE  
CENTER FOR RELIABLE COMPUTING

GENERAL INFORMATION

The Center for Reliable Computing, CRC, was created in 1976 to coordinate the research efforts in the domain of fault-tolerant computing. The center is part of the Computer Systems Laboratory. The Digital Systems Laboratory, created in 1969, has expanded greatly since that time and it has become appropriate to consolidate all the research oriented towards reliable computing under a single organization. The trend towards increased proliferation of computer systems in many critical applications and the continual demand for added safety and reliability motivated this regroupment.

The goal of the Center is to provide design methods and evaluation techniques that will meet the designer needs for present-day and future systems. The three major areas where most of the attention is centered are: the problem of testing, diagnosis and recovery; the evaluation of the various techniques used to enhance reliability; and the problem of software correctness.

BACKGROUND

This note presents a short summary of the reliability related research performed the Digital Systems Laboratory and continued at the Center for Reliable Computing. Initially, the research was focused on two main areas: fault properties and design of reliable operating systems.

Fault Properties and Testing

Faults inside digital circuits were extensively analysed for their effects on circuit behavior, [McCluskey, 1971; Boute, 1971; Mei, 1974], and also for their testability, [Mei, 1970; Boute, 1972]. This work led to procedures that provide efficient tests for combinational, [Wang, 1975A; Wang 1975B; Dias, 1975; Verdillon, 1975; Verdillon, 1976; Sziray, 1977A; Sziray, 1977B], and sequential circuits [Chesarek, 1972; Boute, 1974A; Boute, 1974B; Boute, 1975]. Special types of networks, such as unate networks and iterative logic arrays, were the object of special attention and powerful testing strategies were developed for them [Betancourt, 1973; Dias, 1976]. An algebraic model of combinational logic networks was developed in order to simplify test generation procedures [Clegg, 1973], and was later refined [Resse, 1973]. The work on fault properties led to the investigation of the statistical

correctness of the outputs of circuits that have suffered internal failures [Parker, 1975A; Parker, 1975B; Ojus, 1974A; McCluskey, 1978; Parker, 1973]. Subsequently, it became possible to quantitatively evaluate the efficiency of both random testing techniques [Shedletsky, 1975A; Shedletsky, 1975B; Shedletsky, 1976A; Shedletsky, 1976B; Shedletsky, 1977] and compact testing methods [Parker, 1976A; Losq, 1976C; Losq, 1977B; Losq, 1978A] for both combinational and sequential circuits. Studies in this area also pointed to the practical advantages of a dynamic approach when choosing among random inputs for the candidates with the highest potential for detection of failures [Parker, 1973; Parker 1976B]. More recent work has produced many optimal strategies to test for intermittent failures [Savir, 1977A; Savir, 1977B; Savir, 1977C; Savir, 1977D; Losq, 1978B].

### Design of Reliable Operating Systems

The original work on operating systems was centered around the problem of parallelism. Design and verification methodologies were obtained, [Bredt, 1971A; Bredt, 1971B; Bredt, 1971C; Bredt, 1973], and we were able to evaluate the various power of parallel system models such as Petri Nets and P-V systems [Peterson, 1974]. This work also led to the formal proof of direct correspondance between Petri Nets and final state machines and Turing machines [Peterson, 1976]. Subsequently, the investigation was broadened to include hierarchical design methods [Bredt, 1974; Saxena, 1975] and the associated verification problems [Saxena, 1976]. New languages for efficient specification of interrupt processing were developed along with formal verification methods and studies of the fault-tolerance of real-time systems [Phillips, 1976]. The resynchronization problem for parallel systems following the detection of errors was also investigated [Russel, 1975]. Recent work has been focused on verifying the correctness of concurrent programs [Owicki, 1977A; Owicki, 1977B].

### Ultra-Reliable Computer Systems

A third area of study, on structures for fault-tolerant systems, was initiated early in the program. Hybrid redundancy received much attention. A very efficient design was obtained, [Siewiorek, 1973A], and careful reliability evaluation was performed [Siewiorek, 1973B; Ojus, 1974C]. This did point out their extreme sensitivity to the unreliability of the fault-detection and switching mechanisms [Losq, 1975]. Significant performance increase was obtained by incorporating some fault-tolerance inside the fault-detection and switching mechanisms [Ojus, 1974B]. Alternatives to hybrid redundancy were also actively studied. The effects of compensating failures in NMR systems were

analyzed [Siewiorek, 1971; Siewiorek, 1974]. An algorithm for the exact reliability evaluation of TMR networks was obtained [Abraham, 1974]. Similarly, interwoven redundant systems were also precisely evaluated [Abraham, 1975]. Self-purging redundancy was shown to offer significant advantages over hybrid redundancy for many applications [Losq, 1974; Losq, 1976A; Losq, 1976B]. A practical design of a small TMR processor using LSI technology has been undertaken [Wakerly, 1975B; Wakerly, 1975C; Wakerly, 1976]. Duplex systems, because of their broad use, were also the focus of much attention [Beaudry, 1977A]. Analytical models were developed, [Fregnini, 1974A], and special care was taken to incorporate the effects of incomplete or faulty recoveries [Fregnini, 1974B]. A powerful and general simulator was developed in parallel with the analytical models [Thompson, 1976; Thompson, 1977A]. This simulator, which allows different subsystems to be described at different level of details, was used to determine very accurately the reliability of a dual redundant avionic system [Thompson, 1977B; Thompson, 1977C]. A different approach to evaluate highly redundant systems is presently being investigated. It consists of a general and automatic method to list all the combinations of failures that cause system crash [Losq, 1977C; Losq, 1977D].

#### Computer Systems with High Availability

At the same time, much work was devoted to the design and evaluation of systems with more modest reliability requirements. Immediate error circuitry [Usas, 1975B]. The problem of detection of errors in periodic signals, like clocks, was solved [Usas, 1974; Usas, 1975A; Usas, 1976]. Currently, a design of a LSI-based version of a self-checking computer is being completed [Wakerly, 1975D]. Much of the present effort in analytical modeling is directed towards the evaluation of gracefully degradable systems [McCluskey, 1977]. Analytical models which emphasize the computation reliability rather than the traditional system reliability have provided a method to quantify the effects of failures [Beaudry, 1977B; Beaudry, 1977C; Beaudry, 1977D; Losq, 1977A]. Attempts have been made to obtain very accurate models for the efficiency of the various recovery strategies [Blount, 1977A; Blount, 1977B]. Also, there is continued work on peripheral device reliability especially through the use of self-checking design [Lu, 1977].

#### Summary

Three other more detailed surveys of the research at the Center for Reliable Computing have been prepared [McCluskey, 1975A; McCluskey, 1975B; McCluskey, 1976].

Apologies are offered to all researchers, both at Stanford and elsewhere, whose work was not included. Space does not allow mention of all the work done at Stanford and no attempt has been made to credit the excellent research being carried out elsewhere because of this same limitation.

#### FACILITIES

The Center for Reliable Computing is located in the Electronics Research Laboratory (ERL), on the Stanford campus. The Center takes advantage of the use of several laboratories, computing centers and libraries.

#### Laboratories

- Digital Design Laboratory, in ERL
  - intended for small circuit design
- Microprocessor Laboratory, in ERL
  - intended for the development, at prototype level, of microprocessor based systems
  - equipped with two Intellec, floppy disc based, development systems
- Testing Laboratory, in ERL
  - intended for test generation for logic boards
  - equipped with H.P. TEST-AID system

#### Computing Centers

- PDP 11/20 system, in ERL
  - intended for local computing by the personnel of the Digital Systems Laboratory
- IBM 370/168 system, Stanford Center for Information Processing (SCIP)
  - large time-shared computing center
- PDP 10 based system, Artificial Intelligence Project
  - large time-shared computing center running mostly LISP and SAIL-type languages
- PDP 10 based system, Low Overhead Time-Sharing System (LOTS)
  - large time-shared computing center, intended for terminal-oriented processing
- Access to the ARPA network
  - through one IMP in ERL and one node at the Artificial Intelligence Project building

### Libraries

- Stanford Engineering Library, Main Library building
- Computer Science Library, Polya building
- U.C. Berkeley Libraries through an exchange agreement between Stanford Libraries and the Libraries of the University of California, Berkeley

### CURRENT PERSONNEL

Director : E.J. McCluskey, Professor, Electrical Engineering and Computer Science

Faculty : W. vanCleempunt, Assistant Professor, Electrical Engineering and Computer Science  
: S.S. Owicki, Assistant Professor, Electrical Engineering and Computer Science  
: D. Luckham, Adjunct Professor, Electrical Engineering

Senior Research Staff: M.D. Beaudry, Research Associate, Electrical Engineering

Research Assistants : S. Bozorgui-Nesbat, Electrical Engineering  
: W. Cory, Electrical Engineering  
: D. Davies, Electrical Engineering  
: P.L. Fu, Electrical Engineering  
: D. Gifford, Electrical Engineering  
: D.D. Hill, Electrical Engineering  
: B. Khodadad, Electrical Engineering  
: D.J. Lu, Electrical Engineering  
: T. Minoura, Electrical Engineering

## REFERENCES

[Abraham, 1975] Abraham, J.A., "A combinatorial solution to the reliability of interwoven redundant logic networks," IEEE Trans. on Comp., Vol. C-24, No. 5, May 1975, pp. 578-584.

[Abraham, 1974] Abraham, J.A., and D.P. Siewiorek, "An algorithm for the accurate reliability evaluation of triple modular redundancy networks," IEEE Trans. on Comp., Vol. C-23, No. 7, July 1974, pp. 682-693.

[Beaudry, 1979] Beaudry, M.D., "A Statistical Analysis of Failures in the SLAC Computing Center," Digest of Papers, Spring COMPCON 79, San Francisco, CA, February 26 - March 1, 1979, pp. 49-52.

[Beaudry, 1978A] Beaudry, M.D., "Performance-related reliability measures for computing systems," IEEE Trans. on Comp., Special Issue on Fault-Tolerant Computing, Vol. C-27, pp.540-547, June, 1978.

[Beaudry, 1978B] Beaudry, M.D., "Performance considerations for reliability analysis - A statistical case study," Proc. Eighth Ann. Symp. on Fault-Tolerant Computing (FTCS-8) , Toulouse, France, June 21-23, 1978, p. 198.

[Beaudry, 1978C] Beaudry, M.D., "A statistical study of service interruptions at the SLAC triplex multiprocessor," Tech. Rept. No. 141, Computer Systems Laboratory, Stanford University, Stanford, CA, May 1978.

[Beaudry, 1978D] Beaudry, M.D., "Performance Considerations for Reliability Analysis: A Statistical Case Study," Computer Systems Laboratory, Stanford University, Tech. Report 126, Stanford, CA., May 1978.

[Beaudry, 1978E] Beaudry, M.D., "Stochastic Behavior of Failures in Computing Systems," Computer Systems Laboratory, Stanford University, Stanford, CA, to be published.

[Beaudry, 1977A] Beaudry, M. D., "Dual redundancy - A survey," Tech. Note No. 93, Digital Systems Laboratory, Stanford University, Stanford, CA, April 1977.

[Beaudry, 1977B] Beaudry, M.D., "Performance related reliability measures for computing systems," Seventh Ann. Symp. on Fault-Tolerant Computing (FTCS-7), Digest of Papers, June 28-30, 1977, Los Angeles, pp. 16-21.

[Beaudry, 1977C] Beaudry, M. D., "Performance considerations for reliability analysis: A statistical case study," Tech. Note No. 126, Digital Systems Laboratory, Stanford University, Stanford, CA., Nov. 1977.

[Beaudry, 1976] Beaudry, M.D., "Performance related reliability measures for computing systems," Tech. Note No. 101, Digital Systems Laboratory, Stanford University, Stanford, CA, 1976.

[Betancourt, 1973] Betancourt, R., "Derivation of minimal test sets for unate logical circuits," IEEE Trans. on Comp., Vol. C-22, No. 11, Nov. 1973, pp. 1264-1269.

[Blount, 1978A] Blount, M.L., "Modeling of diagnosis in fail-softly computer systems," Eighth Ann. Symp. on Fault-Tolerant Computing (FICS-8), France, June 21-23, 1978, pp. 53-58.

[Blount, 1978B] Blount, M.L., "On the Calculation of the Parameter Set for the Probabilistic Diagnosis Model," Tech. Note No. 139, Computer Systems Laboratory, Stanford University, Stanford, CA, September 1978.

[Blount, 1978C] Blount, M.L., "A probabilistic model for diagnosis in digital systems," Tech. Rept. No. 144, Computer Systems Laboratory, Stanford University, Stanford, CA, September 1978.

[Blount, 1978D] Blount, M.L., "Modeling of Diagnosis in Fail-Softly Computer Systems," Tech. Note No. 123, Computer Systems Laboratory, Stanford University, Stanford, CA, September 1978.

[Blount, 1978E] Blount, M.L., "Modeling of diagnosis in fail-softly computer systems," Tech. Note No. 123, Digital Systems Laboratory, Stanford University, Stanford, CA, September 1978.

[Blount, 1977] Blount, M.L., "Probabilistic treatment of diagnosis in digital systems," Seventh Ann. Symp. on Fault-Tolerant Computing, Digest of Papers, June 28-30, 1977, Los Angeles, pp. 72-77.

[Boute, 1975] Boute R., "Algebraic properties of testing and diagnosing sequences," Dig., Fifth Ann. Symp. on Fault-Tolerant Computing (FICS-5), Paris, June 18-20, 1975, pp. 242.

[Boute, 1974A] Boute R., "Distinguishing sets for optimal state identification in checking experiments," IEEE Trans. on Comp., Vol. C-23, No. 8, August 1974, pp. 874-878.

[Boute, 1974B] Boute R., "Optimal and near-optimal checking experiments for output faults in sequential machines," IEEE Trans. on Comp., Vol. C-23, No. 11, Nov. 1974, pp. 1207-1213.

[Boute, 1971] Boute R., "Equivalence and dominance relations between output faults in sequential machines," Tech. Rept. No. 38, SU-SEL-72-052, Stanford University, Stanford, CA., Nov. 1972.

[Boute, 1971] Boute, R., and E. J. McCluskey, "Fault equivalence in sequential machines," Symp. on Computers and Automata, Polytechnic Inst. of Brooklyn, April 13-15, 1971, pp. 483-507.

[Bredt, 1974] Bredt, T. H., and A. R. Saxena, "Hierarchical design methods for operating systems," Dig., Ninth Ann. IEEE Comp. Society Int'l Conference (COMPCON'74 Fall), Washington, D.C., September 10-12, 1974, pp. 153-156.

[Bredt, 1973] Bredt, T. H., "Analysis of operating system interactions," Proc., Conf on Theoretical Informatics, University of Pisa, Pisa, Italy, March 1973, pp. 255-281.

[Bredt, 1971A] Bredt, T. H., and E. J. McCluskey, "Analysis and synthesis of control mechanisms for parallel processes," Proc., Symp. on Parallel Processor Systems, Technologies, and Applications, Monterey, CA., June 1969.

[Bredt, 1971B] Bredt, T. H., "Design of sequential programs," (abstract), Proc., Fifth Princeton Conf. on Information Sciences and Systems, Princeton University, Princeton, NJ, March 1971.

[Bredt, 1971C] Bredt, T. H., "Analysis of parallel systems," IEEE Trans. on Comp., Vol. C-20, No. 11, Nov. 1971, pp. 1403-1407.

[Bredt, 1970] Bredt, T.H., "Analvsis and Synthesis of Control Mechanisms for Parallel Processes," Parallel Processor Systems, Technologies, and Applications, pp. 287-295, L.C. Hobbs, Editor, Spartan Books, New York, New York, 1970.

[Chesarek, 1972] Chesarek, D. J., "Fault detection experiment for sequential machines," Ph.D. Dissertation, Digital Systems Laboratory, Stanford University, Stanford, CA, 1972

[Clegg, 1973] Clegg, F. W., "Use of SPOOF's in the analysis of faulty logic networks," IEEE Trans. on Comp., Vol. C-22, No. 3, March 1973, pp. 229-234.

[Davies, 1979] Davies, D., "Reliable Synchronization and Matching in Redundant Systems," Computer Systems Laboratory, Stanford University, Tech. Report No. 169, January, 1979.

[Davies, 1978] Davies, D., and J.F. Wakerly, "Synchronization and matching in redundant systems," IEEE Trans. on Comp., Special Issue on Fault-Tolerant Computing, Vol. C-27, pp. 531-539, June 1978.

[Dias, 1975] Dias, F. J. O., "Fault masking in combinational logic circuits," IEEE Trans. on Comp., Vol. C-24, No. 5, May 1975, pp. 476-482.

[Dias, 1976] Dias, F. J. O., "Truth-Table verification of an iterative logic array," IEEE Trans. on Comp., Vol. C-26, No. 6, June 1976, pp. 605-613.

[Dias, 1975] Dias, F. J. O., "Fault masking in combinational logic circuits," IEEE Trans. on Comp., Vol. C-24, No. 5, May 1975, pp. 476-482.

[Fregnini, 1974] Fregnini, E., and R. C. Ogas, "Error recovery techniques in computer systems: A survey," Tech. Note 42, Digital Systems Laboratory, Stanford University, Stanford, CA, June 1974.

[Fregnini, 1974] Fregnini, E., M. D. Beaudry, and R. C. Ogas, "A Markov model of a reconfigurable system," Tech. Note No. 43, Digital Systems Laboratory, Stanford University, Stanford, CA, August 1974.

[Khodadad, 1979] Khodadad-Mostashiry, B., "Parity Prediction in Combinational Circuits," Tech. Note No. 151, Computer Systems Laboratory Stanford University, Stanford, CA, to be published.

[Kiryukhin, 1978A] Kiryukhin, V.V., "Algorithms of Highly Reliable Digital Systems Design," Computer Systems Laboratory, Stanford University, Stanford, CA, to be published.

[Kolupaev, 1977] Kolupaev, S., "Cascade structure in self-checking networks," Proc. Seventh Ann. Symp. on Fault-Tolerant Computing (FTCS-7), Los Angeles, CA, June 28-30, 1977, pp. 150-154.

[Losq, 1978A] Losq, J., "Efficiency of random compact testing," IEEE Trans. on Comp., Special Issue on Fault-Tolerant Computing, Vol. C-27, pp. 516-525, June 1978.

[Losq, 1978B] Losq, J., "Testing for intermittent failures in combinational circuits," Third USA-JAPAN Computer Confer. Proc., San Francisco, Ca., October 10-12, 1978, pp. 165-170.

[Losq, 1978C] Losq, J., "Enumeration of the critical fault patterns in fault-tolerant computer systems," Proc. Eighth Ann. Symp. on Fault-Tolerant Computing, Toulouse, France, June 1978, pp. 31-36.

[Losq, 1978D] Losq, J., "Enumeration of the Critical Fault Patterns in Fault-Tolerant Computer Systems," Tech. Note No. 128, Computer Systems Laboratory, Stanford University, Stanford, CA, March 1978.

[Losq, 1978E] Losq, J., "Efficiency of Random Compact Testing," Tech. Note No. 135, Computer Systems Laboratory, Stanford University, Stanford, CA, March 1978.

[Losq, 1978F] Losq, J., "Testing for Intermittent Failures in Combinational Circuits," Tech. Note No. 152, Digital Systems Laboratory, Stanford University, Stanford, CA, March, 1978.

[Losq, 1978G] Losq, J., "Fault-Tolerant Communication Networks for Computer Networks," Proc. Eighth Ann. Symp. on Fault-Tolerant Computing (FTCS-8), Toulouse, France, June 21-23, 1978, p. 204.

[Losq, 1978H] Losq, J., "Fault-Tolerant Communication Networks for Computer Networks," Tech. Note No. 127, Computer Systems Laboratory, Stanford University, Stanford, California, March 1978.

[Losq, 1977A] Losq, J., "The effects of failures on gracefully degradable systems," Seventh Ann. Symp. on Fault-tolerant Computing, Digest of Papers, June 28-30, Los Angeles, pp. 29-34.

[Losq, 1977B] Losq, J., "Efficiency of compact testing for sequential circuits," Proc., Seventh Ann. Symp on Fault-Tolerant Computing, Los Angeles, CA, June 28-30, 1977, pp.168-174.

[Losq, 1977C] Losq, J., "Enumeration of the critical fault patterns in fault-tolerant computer systems," Tech. Note No. 128, 128, Digital Systems Laboratory, Stanford University, Stanford, CA, Nov. 1977.

[Losq, 1977D] Losq, J., "System-Level characterization of critical fault patterns in fault-tolerant computer systems," Tech. Rept. No. 151, Digital Systems Laboratory, Stanford University, Stanford, CA, Nov 1977.

[Losq, 1976A] Losq, J., "Multiple failures and redundant systems," Digest of 1976 Johns Hopkins Conference on Information Sciences and Systems, Baltimore, MD, April 1976.

[Losq, 1976B] Losq, J., "A Highly efficient redundancy scheme: Self-purging redundancy," IEEE Trans. on Comp., Vol. C-25, No. 6, June 1976, pp. 269-278.

[Losq, 1976C] Losq, J., "Referenceless random testing," Proc., Sixth Ann. Symp. on Fault-Tolerant Computing, Pittsburgh, PA, June 21-23, 1976, pp. 108-113.

[Losq, 1975] Losq, J., "Influence of fault-detection and switching mechanisms on the reliability of stand-by systems," Fifth Ann. Symp. on Fault-Tolerant Computing, Digest of Papers, June 18-20, 1975, Paris, pp. 81-86.

[Kiryukhin, 1978B] Kiryukhin, V.V., Chernykh, A.M., "A Quaduple-Computer Redundant Type Fault-Tolerant System," Third USA-JAPAN Computer Conference, October 1978.

[Losq, 1974] Losq, J., "Redundancy scheme for optimum multiple fault tolerance," Tech. Note No. 33, Digital Systems Laboratory, Stanford University, Stanford, California, January 1974.

[Lu, 1978A] Lu, D.J., "Quantitative comparison of self-checking circuit designs: definitions and an example for linear feedback shift registers," Proc. Eighth Ann. Symp. on Fault-Tolerant Computing, (FICS-8), Toulouse, France, June 1978, p. 221.

[Lu, 1978B] Lu, D.J., "Structural Integrity Checking," Tech. Note No. 149, Computer Systems Laboratory, Stanford University, Stanford, CA, November, 1978.

[Lu, 1977] Lu, D.J., "Quantitative comparison of self-checking circuit designs," Tech. Note No. 130, Digital Systems Laboratory, Stanford University, Stanford, CA, Nov. 1977.

[McCluskey, 1978A] McCluskey, E. J., K. P. Parker, and J. J. Shedletsky, "Boolean network probabilities and network design," IEEE Trans. on Comp., Vol. C-27, No. 2, February 1978.

[McCluskey, 1978B] McCluskey, E.J., "Logic Design of Multi-Valued IIL Logic Circuits," 8th International Symp. on Multiple-Valued Logic, May 24-26, 1978, Chicago, Ill.

[McCluskey, 1978C] McCluskey, E.J., "Design For Maintainability and Testability," Tech. Note No. 145, Computer Systems Laboratory, Stanford University, Stanford, CA, September 1978.

[McCluskey, 1977] McCluskey, E.J., and R.C. Ogus, "Comparative architecture of high availability computer systems," Dig., Fourteenth IEEE Comp. Society Int'l Conf. (COMPON'77 Spring), San Francisco, CA, Feb. 28-March 3, 1977, pp. 289-293.

[McCluskey, 1976] McCluskey, E.J., "A survey of research at the Center for Reliable Computing, Stanford University," Journal of Design Automation and Fault-Tolerant Computing, Vol. 1, No. 1, Oct. 1976, pp. 85-90.

[McCluskey, 1975A] McCluskey, E. J., J. F. Wakerly, and R. C. Ogus, "Center for Reliable Computing: Current research," Tech. Rept. No. 100, Digital Systems Laboratory, Stanford University, Stanford, CA, Oct. 1975.

[McCluskey, 1975B] McCluskey, E. J., and R. C. Ogus, "Survey of computer reliability studies," Electro-Technology, Dec. 1975.

[McCluskey, 1971] McCluskey, E. J., and F. W. Clegg, "Fault equivalence in combinational logic networks," IEEE Trans. on Comp., Vol. C-20, No. 11, Nov. 1971, pp. 1286-1293.

[Mei, 1974] Mei, K. C. Y., "Bridging and stuck-at faults," IEEE Trans. on Comp., Vol. C-23, No. 7, July 1974, pp. 720-727.

[Mei, 1970] Mei, K. C. Y., "Fault dominance in combinational circuits," Tech. Note No. 2, Digital Systems Laboratory, Stanford University, Stanford, CA, August 1970.

[Ogus, 1974A] Ogus, R. C., "The probability of correct output from a combinational circuit," IEEE Trans. on Comp., Vol. C-23, No. 7, July 1974, pp. 667-682.

[Ogus, 1974B] Ogus, R.C., "Fault-tolerance of the iterative cell array switch for hybrid redundancy," IEEE Trans. on Comp., Vol. C-23, No. 7, July 1974, pp. 667-682.

[Ogus, 1974C] Ogus, R.C., "Reliability analysis of hybrid redundant systems with nonperfect switches," Tech. Rpt. No. 65, Digital Systems Laboratory, Stanford University, Stanford, California, Nov. 1974.

[Owicki, 1977A] Owicki, S. S., "Specifications and proofs for abstract data types in concurrent programs," Tech. Rept. No. 133, Digital Systems Laboratory, Stanford University, Stanford, CA, April 1977.

[Owicki, 1977B] Owicki, S. S., "Verifying concurrent programs with shared data classes," Proc., Working Conf. on Formal Description of Programming Concepts, North Holland, August 1977.

[Owicki, 1977C] Owicki, S.S., "Verifying Concurrent Programs with shared Data Classes," Tech. Report No. 147, Digital Systems Laboratory, Stanford University, Stanford, CA, August, 1977.

[Parker, 1978] Parker, K. P., and E. J. McCluskey, "Sequential circuit output probabilities from regular expressions," IEEE Trans. on Comp., Vol. C-27, No. 3, March, 1978, pp. 222-231.

[Parker, 1976A] Parker, K. P., "Compact testing: Testing with compressed data," Proc., Sixth Ann. Symp. on Fault-Tolerant Computing (FTCS-6), Pittsburgh, PA, June 28-30, 1976, pp. 93-98.

[Parker, 1976B] Parker, K. P., "Adaptive random test generation," Design Automation and Fault-Tolerant Computing, Vol. 1, No. 1, Oct. 1976, pp. 42-53.

[Parker, 1975A] Parker, K. P., and E. J. McCluskey, "Analysis of logic circuits with faults using input signal probabilities," IEEE Trans. on Comp., Vol. C-24, No. 5, May 1975, pp. 573-578.

[Parker, 1973] Parker, K. P., and E. J. McCluskey, "Probabilistic treatment of general combinational networks," IEEE Trans. on Comp., Vol. C-24, No. 6, June 1975, pp. 668-670.

[Parker, 1973] Parker, K. P., "Probabilistic test generation," Tech Note No. ..., Digital Systems Laboratory, Stanford University, Stanford, CA, June 1973.

[Peterson, 1976] Peterson, J. L., "Computation sequence sets," J. of Computer and System Sciences, Vol. 13, No. 1, August 1976, pp. 1-24.

[Peterson, 1974] Peterson, J. L., and T. H. Bredt, "A comparison of models for parallel systems," Proc., 1974 IFIP Congress, 1974.

[Phillips, 1976] Phillips, J. V., and T. H. Bredt, "Design and verification of real-time systems," Proc., Second Int'l Conf. on Software Engineering, San Francisco, CA, October 13-15, 1976.

[Reese, 1973] Reese, R. D., and E. J. McCluskey, "A gate equivalent model for combinational logic network analysis," Dig., Third Ann. Symp. on Fault-Tolerant Computing, Palo-Alto, CA, June 20-22, 1973, pp. 79-85.

[Russell, 1975] Russell, D. L., and T. H. Bredt, "Error resynchronization in producer-consumer systems," Proc., Fifth Symp. on Operating Systems Principles, Austin, Texas, October 1975.

[Savir, 1978A] Savir, J., "Detection of intermittent faults in sequential circuits," Tech. Rept. No. 120, Digital Systems Laboratory, Stanford University, Stanford CA, March 1978.

[Savir, 1978B] Savir, J., "Testing for multiple intermittent failures in combinational circuits by maximizing the probability of fault detection", Proc., Eighth Ann. Symp. on Fault-Tolerant Computing (FTCS-8), Toulouse France, June 21-23, 1978, p. 212.

[Savir, 1978C] Savir, J., "Model and random-testing properties of intermittent faults in combinational circuits," Journal of Design Automation and Fault-Tolerant Computing, July 1978, pp. 215-230.

[Savir, 1978D] Savir, J., "Testing for intermittent failures in combinational circuits by minimizing the mean testing time for a given test quality," Third USA-JAPAN Comp. Conf. Proc., San Francisco, October 10-12, 1978, pp. 155-161.

[Savir, 1978E] Savir, J., "Syndrome-Testable Design of Combinational Circuits," Tech. Report no. 157, Computer Systems Laboratory, Stanford University, Stanford, CA, October 1978.

[Savir, 1977A] Savir, J., "Optimal random testing of single intermittent failures in combinational circuits," Proc., Seventh Ann. Symp. on Fault-Tolerant Computing, Los Angeles, CA, June 28-30, 1977, pp. 180-185.

[Savir, 1977B] Savir, J., "Model and random testing properties of intermittent faults in combinational circuits," Tech. Note. No. 118, Digital Systems Laboratory, Stanford University, Stanford, CA, Aug. 1977.

[Savir, 1977C] Savir, J., "Testing for multiple intermittent failures in combinational circuits by maximizing the probability of fault detection," Tech. Rept. No. 146, Digital Systems Laboratory, Stanford University, Stanford, CA, Nov. 1977.

[Savir, 1977D] Savir, J., "Testing for intermittent failures in combinational circuits by minimizing the mean testing time for a given test quality," Tech. Rept. No. 148, Digital Systems Laboratory, Stanford University, Stanford, CA, Nov. 1977.

[Savir, 1977E] Savir, J., "Optimal random testing of single intermittent failures in combinational circuits", Tech. Note No. 105, Digital Systems Laboratory Stanford University, Stanford, CA, March 1977.

[Savir, 1977F] Savir, J., "Detection of single faults in modular combinational networks", Tech. Note No. 136, Digital Systems Laboratory, Stanford University, Stanford, CA, Aug. 1977.

[Savir, 1977G] Savir, J., "Testing for single intermittent failures in combinational circuits by maximizing the probability of fault detection," Tech. Rept. 145, Digital Systems Laboratory, Stanford University Stanford, CA, Sept. 1977.

[Saxena, 1976] Saxena, A. R., and T. H. Bredt, "Verification of a monitor specification," Proc., Second Int'l Conf. on Software Engineering, San Francisco, CA, Oct. 13-15, 1976.

[Saxena, 1975] Saxena, A. R., and T. H. Bredt, "A structure specification of a hierarchical operating system," Proc., 1975 Int'l Conf. on Reliable Software, Los Angeles, CA, June 21-23, 1975, pp. 310-318.

[Shedletsky, 1978] Shedletsky, J.J., "Error Correction by Alternative-Block Retry," IEEE Trans. on Comp., Vol. C-27, No. 2, February 1978, pp. 106-112.

[Shedletsky, 1977] Shedletsky, J. J., "Random testing: Practicality vs. verified effectiveness," Proc., Seventh Ann. Symp. on Fault-Tolerant Computing, Los Angeles, CA, June 28-30, 1977, pp. 168-174.

[Shedletsky, 1976A] Shedletsky, J.J., and E. J. McCluskey, "The error latency of a fault in a sequential digital circuit," IEEE Trans. on Comp., Vol. C-25, No. 6, June 1976, pp. 655-659.

[Shedletsky, 1976B] Shedletsky, J. J., "A rollback interval for networks with an imperfect self-checking property," Dig., Sixth Ann. Symp. on Fault-Tolerant Computing (FTCS-6), Pittsburgh, PA, June 21-23, 1976, pp. 163-168.

[Shedletsky, 1975A] Shedletsky, J. J., and E. J. McCluskey, "The error latency of a fault in a combinational digital circuit," Dig., Fifth Ann. Symp. on Fault-Tolerant Computing (FTCS-5), Paris, France, June 18-20, 1975, pp. 210-214.

[Shedletsky, 1975B] Shedletsky, J. J., "A rationale for the random testing of combinational digital circuits," Dig., Eleventh Ann. IEEE Comp. Society Int'l Conf. (COMPCON'75 Fall), Washington, D.C., Sept. 9-11, 1975, pp. 5-8.

[Siewiorek, 1974] Siewiorek, D. P., "Reliability modeling of compensating failures in majority voted redundancy," Fourth Ann. Symp. on Fault-Tolerant Computing, Digest of Papers, June 19-21, 1974, Urbana, Ill., session 2, pp. 14-19.

[Siewiorek, 1973A] Siewiorek, D.P., and E.J. McCluskey, "An iterative cell switch design for hybrid redundancy," IEEE Trans. on Comp., Vol. C-22, No. 3, March 1973, pp. 290-297.

[Siewiorek, 1973B] Siewiorek, D.P., and E.J. McCluskey, "Switch complexity in systems with hybrid redundancy," IEEE Trans. on Comp., Vol. C-22, No. 3, March 1973, pp. 276-282.

[Siewiorek, 1971] Siewiorek, D.P., "An improved reliability model for NMR," Tech. Rpt. No. 24, Digital Systems Laboratory, Stanford University, Stanford, California, Dec. 1971.

[Sziray, 1977A] Sziray, J., "A test calculation algorithm for module-level combinational networks," Tech. Note No. 124, Digital Systems Laboratory, Stanford University, Stanford, CA, Nov. 1977.

[Sziray, 1977B] Sziray, J., "Test calculation for logic networks by composite justification," Tech. Note No. 129, Digital Systems Laboratory, Stanford University, Stanford, CA, Nov. 1977.

[Thompson, 1977A] Thompson, P.A., "Manual for a general-purpose simulator used to evaluate the reliability of digital systems," Tech. Rpt. No. 132, Digital Systems Laboratory, Stanford University, Stanford, California, March 1977.

[Thompson, 1977B] Thompson, P.A., "Using simulation to evaluate the reliability of a dual computer system," Tech. Rpt. No. 121, Digital Systems Laboratory, Stanford University, Stanford, California, March 1977.

[Thompson, 1977C] Thompson, P.A., "Critique of the SIRU dual computer system," Tech. Note No. 111, Digital Systems Laboratory, Stanford University, Stanford, CA, Aug. 1977.

[Thompson, 1976A] Thompson, P.A., "A simulator for the evaluation of digital systems reliability," Tech. Rpt. No. 119, Digital Systems Laboratory, Stanford University, Stanford, California, August 1976.

[Thompson, 1976B] Thompson, P.A., "A simulator for the evaluation of reliability," Tech. Note No. 106, Digital Systems Laboratory, Stanford University, Stanford, CA, Dec. 1976.

[Usas, 1976] Usas, A. M., "Error management in digital computer input/ output systems," Tech. Rept. No. 122, Digital Systems Laboratory, Stanford University, Stanford, California, May 1976.

[Usas, 1975A] Usas, A. M., "A totally self-checking checker design for the detection of errors in periodic signals," IEEE Trans. on Comp., Vol. C-24, No. 5, May 1975, pp. 483-489.

[Usas, 1975B] Usas, A. M., "Fail-Safe circuits: A mean to improve reliability and maintainability of I/O subsystems," Dig., Eleventh Ann. IEEE Comp. Society Int'l Conf. (COMPON'75 Fall), Washington, D.C., Sept. 9-11, 1975.

[Usas, 1974] Usas, A. M., and E. J. McCluskey, "Design and application of a self-checking periodic signal checker," Dig., Ninth Ann. IEEE Comp. Society Int'l Conf. (COMPON'74 Fall), Washington, D.C., Sept. 10-12, 1974, pp. 83-91.

[Verdillon, 1976] Verdillon, A., "Symmetry, automorphism and test," Tech. Note No. 87, Digital Systems Laboratory, Stanford University, Stanford, California, June 1976.

[Verdillon, 1975] Verdillon, A., "Procedure to obtain optimal test sequences," Tech. Note No. 80, Digital Systems Laboratory, Stanford University, Stanford, California, Dec. 1975.

[Wakerly, 1978] Wakerly, J. F., Error-Detecting Codes, Self-Checking Circuits, and Applications, published by American Elsevier, 1978.

[Wakerly, 1977] Wakerly, J. F., "Microprocessor input/output architecture," Computer, Vol. 10, No. 2, Feb. 1977.

[Wakerly, 1976] Wakerly, J. F., "Microcomputer reliability improvement using triple modular redundancy," Proc., IEEE, Vol. 64, No. 6, June 1976, pp. 889-895.

[Wakerly, 1976A] Wakerly, J. F., "Detection of unidirectional multiple errors using low-cost arithmetic code," IEEE Trans. on Comp., Vol. C-25, No. 2, Feb. 1975, pp. 210-212.

[Wakerly, 1976B] Wakerly, J.F., "Reliability of microcomputer systems using triple modular redundancy," Tech. Note No. 61, Digital Systems Laboratory, Stanford University, Stanford, California, April 1975.

[Wakerly, 1975C] Wakerly, J. F., "Transient failures in triple modular redundancy systems with sequential modules," IEEE Trans. on Comp., Vol. C-24, No. 5, May 1975, pp. 570-573.

[Wakerly, 1975D] Wakerly, J. F., "Principle of self-checking processor design and an example," Tech. Note No. 115, Digital Systems Laboratory, Stanford University, Stanford, CA, Dec. 1975.

[Wakerly, 1974A] Wakerly, J. F., "Partially self-checking circuits and their use in performing logical operations," IEEE Trans. on Comp., Vol. C-23, No. 7, July 1974, pp. 658-667.

[Wakerly, 1974B] Wakerly, J. F., and E. J. McCluskey, "Design of low-cost general-purpose self-diagnosing computers," Information Processing Congress, 1974, Stockholm, Sweden, August 5-10, 1974, Vol. 1, pp. 108-111.

[Wang, 1975A] Wang, D. T., "Properties of faults and criticality of values under tests for combinational networks," IEEE Trans. on Comp., Vol. C-24, No. 7, July 1975, pp. 746-750.

[Wang, 1975B] Wang, D. T., "An algorithm for the generation of test sets for combinational networks," IEEE Trans. on Comp., Vol. C-24, No. 7, July 1975, pp. 742-746.

APPENDIX B

RESUMES

E. J. McCLUSKEY

BIOGRAPHY

PERSONAL:

Born - October 16, 1929  
New York, New York

Computer Systems Laboratory  
Stanford University  
Stanford, California 94305  
(415) 497-1451

EDUCATION:

Sc.D. (Electrical Engineering) - M.I.T., 1956

B.S. and M.S. (Electrical Engineering) - M.I.T., 1953

A.B. (Physics and Mathematics), Summa Cum Laude - Bowdoin College, 1953

POSITIONS:

Professor of Electrical Engineering and Computer Science, Stanford University, 1967-

Director, Digital Systems Laboratory, Stanford University, 1969-1973

Director, Stanford Computer Forum, 1969-1978

Visiting Professor of Electrical Engineering and Computer Science, Stanford University, 1966-1967

Professor of Electrical Engineering, Princeton University, 1963-1966

Director of Computer Center, Princeton University, 1961-1966.

Associate Professor of Electrical Engineering, Princeton University, 1959-1963

Member of Technical Staff, Bell Telephone Laboratories, Electronic Telephone Office Design, Whippny, New Jersey, 1955-1959

PROFESSIONAL SOCIETY POSITIONS AND HONORS:

AAAS - Fellow, 1967-

AACC - Representative on the Finite Automata Subcommittee of the IFAC Technical Committee on Control Theory

ACM - Associate Editor, ACM Journal, 1963-1969

National Lectureship, 1965-1966

Curriculum Committee, 1967-1969

AFIPS - Executive Committee, 1972-1974

Member, Board of Directors, 1970-1974

IEEE - Long Range Planning Committee, 1971

Proceedings Editorial Board, 1966-1968

Fellow, 1965-

IEEE - Distinguished Visitor's Program Lecturer, 1970-  
Computer  
Group Chairman, 1970

Technical Committee on Fault Tolerant Computing,  
Member, 1970

Vice Chairman for Technical Activities, 1969

Fellows Committee, 1968-

Awards Committee, 1967-

San Francisco Computer Chapter

Chairman, 1969-1970

Vice-Chairman, 1968-1969

Local Arrangements Chairman, 1967-1968

Technical Committee on Applications in Design  
Automation, Member, 1966

Publications Committee, 1965-1966

Administrative Committee, 1964-1970

Technical Committee on Switching and Automata Theory

Chairman, 1964-1966

Member, 1959-

Transactions on Computers

Associate Editor, 1961-1965

Review Editor, 1959-1961

IEEE - Chairman, Fellows Committee, 1975-1976  
Computer  
Society    Junior Past President, 1972-1973  
                 President, 1970-1971

PHI BETA KAPPA, SIGMA XI, ETA KAPPA NU, TAU BETA PI

CONFERENCE ACTIVITIES:

USA Program Chairman, 3rd USA-Japan Computer Conference, San Francisco, California, October 10-12, 1978

Chairman, The 5th Annual Symposium on Computer Architecture, Palo Alto, California, April 3-5, 1978

Program Vice-Chairman for North and South America, 1978 International Symposium on Fault-Tolerant Computing (FTCS-8), Toulouse, France, June 21-23, 1978

COMPCON 77, Panel Discussions: Session 17 - Reliable Computer Architecture and Session 22 - Distributed Fault Tolerant Computer Systems, San Francisco, California, February 28 - March 3, 1977

Design Automation and Microprocessors Conference, Chairman of Panel Discussion: Testing of Microprocessor-Based Systems, Palo Alto, California, February 24-25, 1977

Fault Tolerant Workshop, San Diego, California, February 23, 1977

Session Chairman, 6th International Symposium on Multiple-Valued Logic, Utah State University, Logan, Utah, May 25-28, 1976

General Conference Chairman, 1973 International Symposium on Fault-Tolerant Computing (FTCS-3), June 1973

General Chairman, Third Symposium on Operating Systems, 1971

Session Chairman, 1966 Design Automation Workshop

SEMINARS:

"Logic Design for Multi-Level Integrated Circuits," Distinguished Lecturer Series, Computer Science Dept., Carnegie-Mellon University, Pittsburgh, Pennsylvania, March 8, 1978

"Multi-Value Threshold Logic," Dept. of Electrical Engineering, Stanford University, Stanford, California, January 19, 1978

CONSULTING:

Battelle Corporation, 1978-  
Hughes Aircraft Company, 1978-  
Honeywell Corporation, 1977-  
Microtechnology Corporation, 1977-  
Palyn Associates, Inc., 1973-1975  
Signetics Corporation, 1971-  
Scientific Advisory Groups, General Precision, 1962-1966  
IDA Task Force on Computers in Command and Control, 1962  
IBM Scientific Center (Palo Alto, California), 1966-1967

SUMMER POSITIONS:

RCA, Design Automation, 1966  
MIT Lincoln Laboratory, Computers in Command and Control, 1961  
IBM, NOR Gate Design, 1960

OTHER PROFESSIONAL ACTIVITIES:

The Annals of the History of Computing, Editorial Board and Editor,  
AFIPS, 1978-

Visiting Committee for Information and Computer Science, Georgia  
Institute for Technology, 1978

Design Automation and Fault-Tolerant Computing, Editorial Board, 1977-

Patent Submission: Multivalued Integrated Injection Logic, 1976

Digital Processes, Editorial Board, Delta Publishing Company, Ltd.,  
Switzerland, 1975-

Computer Design and Architecture Series, Elsevier North-Holland, Inc.  
(formerly American Elsevier), New York, 1973-

National Academy of Science, Planning Group for Education, Computer  
Science and Engineering Board, 1968-1973

Commission on Engineering Education COSINE Committee, 1965-1972

Computer Science and Information Processing Series, Consulting  
Editor, Addison-Wesley, 1963-1966

Transactions on Computers, Associate Editor, IRE, 1959-1965

PUBLICATIONS:

Total number of publications: 123

Ph.D. THESES SUPERVISED

Lewin, Morton H. "Negative-Resistance Elements as Digital Computer Components," Princeton University, 1960

Stabler, Edward P. "Methods of Magnetic Logic," Princeton University, 1961

Dolotta, Theodore A. "The Coding Problem in the Design of Switching Circuits," Princeton University, 1961

Schorr, Herbert "Towards the Automatic Analysis and Synthesis of Digital Systems," Princeton University, 1962

Brzozowski, Janusz A. "Regular Expression Techniques for Sequential Circuits," Princeton University, 1962

Poage, James F. "The Derivation of Optimum Tests for Logic Circuits," Princeton University, 1962

Eichelberger, Edward B. "Sequential Circuit Synthesis Using Hazards and Delays," Princeton University, 1963

Gimpel, James F. "Some Minimization Problems in the Design of Gate-Type Combinational Switching Networks," Princeton University, 1966

Clegg, Frederick Wingfield "Algebraic Properties of Faults in Logic Networks," Stanford University, 1970

Bredt, Thomas H. "Control of Parallel Processes," Stanford University, 1970

Chamberlin, Donald D. "Parallel Implementation of a Single Assignment Language," Stanford University, 1971

Siewiorek, Daniel P. "Fault Tolerant Computers Using Self-Diagnosis and Hybrid Redundance," Stanford University, 1972

Chesarek, Donald J. "Fault Detecting Experiments for Sequential Machines," Stanford University, 1972

Fuller, Samuel H. "The Analysis and Scheduling of Devices Having Rotational Delays," Stanford University, 1972

Boute, Raymond C. "Faults in Sequential Machines: Algebraic Properties and Detection Methods," Stanford University, 1972

Salisbury, Alan B. "Evaluating Microprogrammed Emulators," Stanford University, 1973

Wang, David T. W. "An Algorithm for the Generation of Test Sets for Combinational Logic Networks," Stanford University, 1974

Mitarai, Hajime "The Use of Semiconductor ROM for Logic," Stanford University, 1974

Wakerly, John F. "Low-Cost Error Detection Techniques for Small Computers," Stanford University, 1974

Shapiro, Gerald N. "A Functional Approach to Structured Combinational-Logic Design," Stanford University, 1974

Svobodova, Liba "Computer Performance Measurement and Evaluation Methods: Analysis and Application," Stanford University, 1974

Abraham, Jacob A. "Reliability Analysis of Digital Systems Protected by Massive Redundancy," Stanford University, 1974

Ogus, Poy C. "Design and Evaluation of Ultra-Reliable Digital Systems," Stanford University, 1975

Price, Thomas G. Jr. "Probability Methods of Multi-Programmed Computer Systems," Stanford University, 1975

Mei, Kenyon C. Y. "Fault Dominance of Bridging and Stuck-at Faults," Stanford University, 1975

Losq, Jacques "Modelling and Reliability of Redundant Digital Systems," Stanford University, 1975

Dias, Francisco J.O. "Multiple Fault Analysis in Combinational Logic Circuits," Stanford University, 1975

Kolupaev, Stephen G. "Cutting Planes and Self-Checking Networks," Stanford University, 1976

Parker, Kenneth P. "Probabilistic Test Generation," Stanford, University, 1976

Shedletsky, John J. "Error Latency in Digital Circuits," Stanford University, 1976

Usas, Alan M. "Error/Management in Digital Computer Input/Output Systems," Stanford University, 1976

Betancourt, Rodolfo      "Analysis and Synthesis of Sequential Circuits Using Flip-Flops," Stanford University, 1976

Savir, Jacob S.      "Detection of Intermittent Failures in Combinational Circuits," Stanford University, 1977

Seaudry, M. Danielle      "Performance Considerations for the Reliability Analysis of Computing Systems," Stanford University, 1978

Blount, Marion L.      "Probabilistic Fault Diagnosis Models for Digital Systems," Stanford University, 1978

## TECHNICAL REPORTS

1. "An Essay on Prime Implicant Tables," (with I.B. Pyne), Tech. Rpt. No. 1, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, October 1960.
2. "Minimal P-Point Functions on N-Cubes," (with T.A. Dolotta), Tech. Rpt. No. 2, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, November 1960.
3. "Introduction to State Tables," Tech. Rpt. No. 3, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, February 1961.
4. "Signal Flow Graph Techniques for Sequential Circuit State Diagrams," (with J.A. Brzozowski), Tech. Rpt. No. 5, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, April 1961.
5. "The Reduction of Redundancy in Solving Prime Implicant Tables," (with I.B. Pyne), Tech. Rpt. No. 9, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, May 1961.
6. "A Modified Version of ALGOL for Logical Programming," (with A. Grasselli), Tech. Rpt. No. 11, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, May 1961.
7. "Minimal Sums for Boolean Functions Having Many Unspecified Fundamental Products," Tech. Rpt. No. 12, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, June 1961.
8. "Computers in Command and Control," Tech. Rpt. No. 61-12, Institute for Defense Analyses, Arlington, Virginia, November 1961.
9. "Transient Behavior of Combinational Logic Networks," Tech. Note No. 13, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, January 1962.
10. "Minimum-State Sequential Circuits for a Restricted Class of Incompletely Specified Flow Tables," Tech. Rpt. No. 14, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, February 1962.
11. "Essential Multiple-Output Prime Implicants," (with H. Schorr), Tech. Rpt. No. 23, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, April 1962.
12. "Derivation of Optimum Test Sequences for Sequential Machines," (with J.F. Fujita), Tech. Rpt. No. 27, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, June 1962.
13. "Reduction of Feedback Loops in Sequential Circuits and Carry Leads in Iterative Networks," Tech. Rpt. No. 28, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, August 1962.

14. "Fundamental Mode and Pulse Mode Sequential Circuits," Tech. Rpt. No. 29, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, August 1962.
15. "Logical Design Theory of NOR Gate Networks with No Complemented Inputs," Tech. Rpt. No. 34, Digital Systems Laboratory, Princeton University, Princeton, New Jersey, August 1963.
16. "Algebraic Properties of Faults in Logic Networks," (with F.W. Clegg), Tech. Rpt. No. 4, Digital Systems Laboratory, Stanford University, Stanford, California, March 1970.
17. "A Model for Parallel Computer Systems," (with T.H. Bredt), Tech. Rpt. No. 5, Digital Systems Laboratory, Stanford University, Stanford, California, April 1970.
18. "Fault Equivalence in Sequential Machines," (with R. Boute), Tech. Rpt. No. 15, Digital Systems Laboratory, Stanford University, Stanford, California, June 1971.
19. "An Iterative Cell Switch Design for Hybrid Redundancy," (with D.P. Siewiorek), Tech. Rpt. No. 20, Digital Systems Laboratory, Stanford University, Stanford, California, December 1971.
20. "A Measure of Switch Complexity in Systems with Standby Spares," (with D.P. Siewiorek), Tech. Rpt. No. 21, Digital Systems Laboratory, Stanford University, Stanford, California, December 1971.
21. "Design of a Parallel Encoder/Decoder for the Hamming Code Using ROM," (with H. Mitarai), Tech. Rpt. No. 36, Digital Systems Laboratory, Stanford University, Stanford, California, November 1972.
22. "Sequential Circuit Output Probabilities from Regular Expressions," (with K.P. Parker), Tech. Rpt. No. 93, Digital Systems Laboratory, Stanford University, Stanford, California, June 1975.
23. "Center for Reliable Computing," (with J. Wakerly and R.C. Ogas), Tech. Rpt. No. 100, Digital Systems Laboratory, Stanford University, Stanford, California, October 1975.
24. "Research in the Digital Systems Laboratory: August 1975-July 1976," (with DSI Faculty), Tech. Rpt. No. 123, Digital Systems Laboratory, Stanford University, Stanford, California, July 1976.

## TECHNICAL NOTES

1. "Analysis and Synthesis of Control Mechanisms for Parallel Processes," (with T.H. Bredt), Tech. Note No. 1, Digital Systems Laboratory, Stanford University, Stanford, California, June 1969.
2. "On the Necessity of Mutual Exclusion for Mutual Exclusion," (with T.H. Bredt), Tech. Note No. 6, Digital Systems Laboratory, Stanford University, Stanford, California, November 1970.
3. "Fault Equivalence in Combinational Logic Networks," (with F.W. Clegg), Tech. Note No. 10, Digital Systems Laboratory, Stanford University, Stanford, California, March 1971.
4. "Switch Designs for Hybrid Redundancy," (with D.P. Siewiorek), Tech. Note No. 13, Digital Systems Laboratory, Stanford University, Stanford, California, December 1971.
5. "Probabilistic Treatment of General Combinational Networks," (with K.P. Parker), Tech. Note No. 20, Digital Systems Laboratory, Stanford University, Stanford, California, November 1973.
6. "Analysis of Logic Circuits with Faults Using Input Signal Probabilities," (with K.P. Parker), Tech. Note No. 21, Digital Systems Laboratory, Stanford University, Stanford, California, January 1974.
7. "A Gate Equivalent Model for Combinational Logic Network Analysis," (with R.D. Reese), Tech. Note No. 28, Digital Systems Laboratory, Stanford University, Stanford, California, January 1973.
8. "Design of Low-Cost General-Purpose Self-Diagnosing Computers," (with J.F. Wakerly), Tech. Note No. 38, Digital Systems Laboratory, Stanford University, Stanford, California, January 1974.
9. "The Error Latency of a Fault in a Combinational Digital Circuit," (with J.J. Shedletsky), Tech. Note No. 55, Digital Systems Laboratory, Stanford University, Stanford, California, November 1974.
10. "The Error Latency of a Fault in a Sequential Digital Circuit," (with J.J. Shedletsky), Tech. Note No. 56, Digital Systems Laboratory, Stanford University, Stanford, California, December 1974.
11. "Micros, Minis and Networks," Tech. Note No. 58, Digital Systems Laboratory, Stanford University, Stanford, California, June 1975.
12. "Basic Network Probabilities and Network Design," (with K.P. Parker and J.J. Shedletsky), Tech. Note No. 60, Digital Systems Laboratory, Stanford University, Stanford, California, July 1975.

13. "A Survey of Research at the Center for Reliable Computing," Tech. Note No. 95, Digital Systems Laboratory, Stanford University, Stanford, California, October 1976.
14. "Comparative Architecture of High-Availability Computer Systems," (with R.C. Goss), Tech. Note No. 107, Digital Systems Laboratory, Stanford University, Stanford, California, December 1976.
15. "Center for Reliable Computing," (with CRC Staff), Tech. Note No. 112, Digital Systems Laboratory, Stanford University, Stanford, California, (in preparation).
16. "Reliability and Computer Architecture," Tech. Note No. 122, Digital Systems Laboratory, Stanford University, Stanford, California, December 1977.
17. "Design for Maintainability and Testability," Tech. Note No. 145, Computer Systems Laboratory, Stanford University, Stanford, California, September 1978.

E. J. McCLUSKEY

BIBLIOGRAPHY

1. "Minimization of Boolean Functions," B.S.T.J., Vol. 35, No. 6, pp. 1417-1444, November 1956.
2. "Detection of Group Invariance or Total Symmetry of a Boolean Function," B.S.T.J., Vol. 35, No. 6, pp. 1445-1453, November 1956.
3. (With E.C. Riekeman and A. Glovazky) "Determination of Redundancies in a Set of Patterns," IRE Trans. on Information Theory, Vol. IT-3, No. 2, pp. 167-168, June 1957.
4. "Iterative Combinational Switching Networks - General Design Considerations," IRE Trans. on Electronic Computers, Vol. EC-7, No. 4, pp. 285- 291, December 1958.
5. "Error-Correcting Codes - A Linear Programming Approach," B.S.T.J., Vol. 38, No. 6, pp. 1485-1512, November 1959.
6. (With S.H. Unger) "A Note on the Number of Internal Variable Assignments for Sequential Switching Circuits," IRE Trans. on Electronic Computers, Vol. EC-8, No. 4, pp. 439-440, December 1959.
7. "A Comparison of Sequential and Iterative Circuits," Trans. AIEE, Pt. 1, Vol 78 (Communications and Electronics), pp. 1039-1044, January 1960.
8. (With T.A. Dolotta) "Encoding of Incompletely Specified Boolean Matrices," Proc., Western Joint Computer Conference, Vol. 17, pp. 231-238, May 1960.

18. "Transients in Combinational Logic Circuits," Redundancy Techniques for Computing Systems, pp. 9-46, R.H. Wilcox and W.C. Mann, Editors, Spartan Books, Washington, D.C., 1962.
19. (With H. Schorr) "Essential Multiple Output Prime Implicants," Proc., Symposium on Mathematical Theory of Automata, Vol. XII, pp. 437-457, Polytechnic Institute of Brooklyn, New York, New York, April 1962.
20. (With I.B. Pyne) "The Reduction of Redundancy in Solving Prime Implicant Tables," IRE Trans. on Electronic Computers, Vol. EC-11, No. 4, pp. 473-482, August 1962.
21. "Fundamental Mode and Pulse Mode Sequential Circuits," Proc., 2nd Int'l Federation on Information Processing Congress, pp. 725-730, Munich, West Germany, August 27-September 1, 1962 (North-Holland Publishing Company, Amsterdam, Netherlands).
22. "Minimal Sums for Boolean Functions Having Many Unspecified Fundamental Products," Trans. AIEE, Pt. 1, Vol. 81 (Communication and Electronics), pp. 387-392, November 1962.
23. "Minimum-State Sequential Circuits for a Restricted Class of Incompletely Specified Flow Tables," B.S.T.J., Vol. 41, No. 6, pp. 1759-1968, November 1962.
24. (With J.A. Brzozowski) "Signal Flow Graph Techniques for Sequential Circuit Diagrams," IEEE Trans. on Electronic Computers, Vol. EC-13, No. 2, pp. 67-76, April 1963.
25. "Reduction of Feedback Loops in Sequential Circuits and Carry Leads in Iterative Networks," Information and Control, Vol. 6, No. 2, pp. 99-118, June 1963.
26. "Logical Design Theory of NOR Gate Networks with No Complemented Inputs," Proc., 4th Annual Symposium on Switching Circuit Theory and Logical Design, S-156, pp. 137-148, IEEE, Chicago, Illinois, September 1963.

27. "Development of Switching Theory, Elektronische Rechenanlagen, Heft 6, Seite 249, 5 Jahrgang, December 1963.
28. "Switching Functions," Progress in Circuit Theory - 1960-1963, L. Weinberg, Editor; IEEE Trans. on Circuit Theory, Vol. CT-11, No. 1, pp. 22-25, March 1964.
29. (With T.A. Dolotta) "The Coding of Internal States of Sequential Circuits," IEEE Trans. on Electronic Computers, Vol. EC-13, No. 5, pp. 549-562, October 1964.
30. (With J.F. Poage) "Derivation of Optimum Test Sequences for Sequential Machines," Proc., 5th Annual Symposium on Switching Circuit Theory and Logical Design, S-164, pp. 121-128, IEEE, Princeton, New Jersey, October 1964.
31. Introduction to the Theory of Switching Circuits, McGraw-Hill Book Co., New York, New York, 1965.
32. (With J.B. Dennis, D.C. Evans, W.H. Huggins, M. Karnaugh, J.F. Kaiser, F.F. Kuo, S. Seely, W.H. Surber, M.E. Van Valkenburg and L.A. Zadeh) "Computer Sciences in Electrical Engineering," Cosine Committee, Commission on Engineering Education, September 1967.
33. (With W.F. Atchison, S.D. Conte, J.W. Hamblen, T.E. Hull, T.A. Keenan, W.B. Kehl, S.O. Navarro, W.C. Rheinboldt, E.J. Scheppe, W. Viavant, and D.M. Young) "Curriculum 68," Communications of the ACM, Vol. II, No. 3, pp. 151-197, March 1968.
34. (With C.G. Bell, Y. Chu, C.L. Coates, W. Lichtenberger, F. Luconi and W. Viavant) "An Undergraduate Electrical Engineering Course on Computer Organization," Cosine Committee, Commission on Engineering Education, October 1968.
35. (With T. Bredt) Chapter 14, "Analysis and Synthesis of Control Mechanisms for Parallel Processes," Parallel Processor Systems, Technologies, and Applications, pp. 287-295, L.C. Hobbs, Editor, Spartan Books, New York, New York, 1970.

36. (With B. Arden, T.C. Bartee, C.G. Bell, F.F. Kuo, W.H. Surber and C.L. Coates) "An Undergraduate Computer Engineering Option for Electrical Engineering," Cosine Committee, Commission on Education, January 1970.
37. (With T. Bredt) "A Model for Parallel Computer Systems," Tech. Note No. 5, Digital Systems Laboratory, Stanford University, Stanford, California, April 1970.
38. (With T. Bredt) "On the Necessity of Mutual Exclusion for Mutual Exclusion," Tech. Note No. 6, Digital Systems Laboratory, Stanford University, Stanford, California, November 1970.
39. (With C.L. Coates, B. Arden, T.C. Bartee, C.G. Bell, F.F. Kuo, and W.H. Surber) "An Undergraduate Computer Engineering Option for Electrical Engineering," Proc., IEEE, Vol. 59, No. 6, pp. 854-860, June 1971.
40. (With R. Boute) "Fault Equivalence in Sequential Machines," Proc., Symposium on Computers and Automata, Vol. 21, pp. 483-507, Polytechnic Institute of Brooklyn, New York, New York, 1971.
41. "Test and Diagnosis Procedure for Digital Networks," Computer, Vol. 4, No. 1, pp. 17-20, January/February 1971.
42. (With T.L. Booth, S.M. Altman, F.W. Clegg, C.L. Coates, F.F. Coury, R.M. Glorioso, D.M. Robinson and D.E. Troxel), "Digital Systems Laboratory Courses and Laboratory Developments," Cosine Committee, Commission on Education, March 1971.
43. (With F.W. Clegg) "The Algebraic Approach to Faulty Logic Networks," Digest, 1971 Int'l Symposium on Fault-Tolerant Computing, pp. 44-45, Pasadena, California, March 1-3, 1971.
44. (With F.W. Clegg) "Fault Equivalence in Combinational Logic Networks," IEEE Trans. on Computers, Vol. C-20, No. 11, pp. 1266-1273, November 1971.

45. (With D.P. Siewiorek) "Switch Designs for Hybrid Redundancy," Proc., Computer Systems Design - '72 West Conference, Anaheim, California, February 22-24, 1972.
46. (With T.L. Booth, C.G. Bell, C.H. Coker, R.M. Glorioso, F.J. Mowle and D.M. Robinson) "Minicomputers in the Digital Laboratory Program," Cosine Committee, Commission on Education, April 1972.
47. (With H. Mitarai) "Design of a Parallel Encoder/Decoder for the Hamming Code, Using ROM," Tech. Rpt. No. 36, Digital Systems Laboratory, Stanford University, Stanford, California, June 1972.
48. (With D.P. Siewiorek) "An Iterative Cell Switch Design for Hybrid Redundancy," Digest, 1972 Int'l Symposium on Fault-Tolerant Computing, pp. 182-188, Newton, Massachusetts, June 19-21, 1972.
49. (With M. Sloan and C.L. Coates) "Cosine Survey of Electrical Engineering Departments," Cosine Committee, Commission on Education, May 1973.
50. (With D.P. Siewiorek) "An Iterative Cell Switch Design for Hybrid Redundancy," IEEE Trans. on Computers, Vol. C-22, No. 3, pp. 290-297, March 1973.
51. (With D.P. Siewiorek) "Switch Complexity in Systems with Hybrid Redundancy," IEEE Trans. on Computers, Vol. C-22, No. 3, pp. 276-282, March 1973.
52. (With M. Sloan and C.L. Coates) "Cosine Survey of Electrical Engineering Departments," Computer, Vol. 6, No. 6, pp. 30-39, June 1973.
53. (With R.D. Reese) "A Gate Equivalent Model for Combinational Logic Network Analysis," Digest, 1973 Int'l Symposium on Fault-Tolerant Computing, pp. 79-84, Palo Alto, California, June 27-30, 1973.

54. (With K.P. Parker) "Analysis of Logic Circuits with Faults Using Input Signal Probabilities," Digest, 1974 Int'l Symposium on Fault-Tolerant Computing, pp. 1.8-1.12, Urbana, Illinois, June 19-21, 1974.
55. (With J. Wakerly) "Design of Low-Cost General-Purpose Self-Diagnosing Computers," Proc., IFIP Congress '74, pp. 100-101, Stockholm, Sweden, August 3-10, 1974.
56. (With A.M. Usas) "Design and Application of a Self-Checking Periodic-Signal Checker," Digest, Fall 1974 COMPCON Conference, pp. 83-91, Washington, D.C., September 10-12, 1974.
57. "Probability Models for Logic Networks," Proc., 4th Manitoba Conference on Numerical Mathematics, pp. 21-28, Winnipeg, Canada, October 2-5, 1974.
58. (With H.W. Gschwind) Design of Digital Computers, Springer-Verlag, New York, New York, 1975.
59. (With K.P. Parker) "Analysis of Logic Circuits with Faults Using Input Signal Probabilities," IEEE Trans. on Computers, Vol. C-24, No. 5, pp. 573-578, May 1975.
60. (With K.P. Parker) "Probabilistic Treatment of General Combinational Networks," IEEE Trans. on Computers, Vol. C-24, No. 6, pp. 668-670, June 1975.
61. (With K.P. Parker) "Sequential Circuit Output Probabilities from Regular Expressions," Tech. Rpt. No. 93, Digital Systems Laboratory, Stanford University, Stanford, California, June 1975.
62. "Micros, Minis and Networks," Proc., 20 Years of Computer Science at the University of Pisa, pp. 23-33, Pisa, Italy, June 15-19, 1975.

63. (With J.J. Shedletsky) "The Error Latency of a Fault in a Combinational Digital Circuit," Digest, 1975 Int'l Symposium on Fault-Tolerant Computing, pp. 210-214, Paris, France, June 18-20, 1975.
64. (With K.P. Parker and J.J. Shedletsky) "Boolean Network Probabilities and Network Design," Tech. Note No. 60, Digital Systems Laboratory, Stanford University, Stanford, California, July 1975.
65. (With J.F. Wakerly and R.C. Ogus) "Center for Reliable Computing - Current Research," Tech. Rpt. No. 100, Digital Systems Laboratory, Stanford University, Stanford, California, October 1975.
66. (With R.C. Ogus) "Survey of Computer Reliability Studies," Electro-Technology, Journal of Society of Electronic Engineers, Vol. XIX, No. 4, pp. 82-95, December 1975.
67. "Logic Design," Encyclopedia of Computer Science, pp. 809-813, A. Ralston and C. Meek, Editors, Petrocelli/Charter, New York, New York, 1976.
68. (With J.J. Shedletsky) "The Error Latency of a Fault in a Sequential Digital Circuit," IEEE Trans. on Computers, Vol. C-25, No. 6, pp. 665- 659, June 1976.
69. "A Survey of Research at the Center for Reliable Computing, Stanford University," Design Automation & Fault-Tolerant Computing, Vol. 1, No. 1, pp. 85-90, October 1976.
70. (With T.T. Dao, L.K. Russell and D.R. Preedy) "Multilevel I<sup>2</sup>L with Threshold Gates," Proc., IEEE Int'l Solid-State Circuits Conference, Philadelphia, Pennsylvania, February 16-18, 1977.
71. (With J.F. Wakerly) "Microcomputers in the Computer Engineering Curriculum," Computer, Vol. 10, No. 1, pp. 32-38, January 1977.

72. (With J.F. Wakerly) "Microcomputers in the Computer Engineering Curriculum," Microprocessors-2, invited Papers, Infotech Int'l Ltd., Berkshire, England, 1977.
73. "Micros, Minis and Networks," Microcomputers and Systems Design, Appendix A, pp. 47-57, Tech. Document No. 507, Naval Electronics Laboratory Center, San Diego, California, February 15, 1977.
74. (With R.C. Cagus) "Comparative Architecture of High-Availability Computer Systems," Digest, 11th Int'l IEEE Computer Conference (COMPCON), San Francisco, California February 1977.
75. "Editorial," Digital Processes, Vol. 3, No. 3, pp. 187-188, Autumn 1977.
76. "Reliability and Computer Architecture," Tech. Note No. 122, Digital Systems Laboratory, Stanford University, Stanford, California, December 1977.
77. (With T.T. Dao, and L.K. Russell, "Multivalued Integrated Injection Logic," IEEE Trans. on Computers, Vol. C-26, No. 12, pp. 1233-1241, December 1977.
78. (With K.P. Parker and J.J. Shedletsky) "Boolean Network Probabilities and Network Design," IEEE Trans. on Computers, Vol. C-27, No. 2, pp. 187-189, February 1978.
79. (With K.P. Parker) "Sequential Circuit Probabilities from Regular Expressions," IEEE Trans. on Computers, Vol. C-27, No. 3, pp. 222-231, March 1978.
80. "Logic Design of Multi-Valued  $I^2L$  Logic Circuits," Proc., 8th Int'l Symposium on Multiple-Valued Logic, pp. 14-22, Chicago, Illinois, May 24-26, 1978.
81. "Logic Design of Multi-Valued  $I^2L$  Logic Circuits," submitted to IEEE Trans. on Computers.
82. "Design for Maintainability and Testability," Proc., Government Microcircuit Applications Conference (GOMAC), Monterey, California, November 14-16, 1978.
83. "Design for Maintainability and Testability," Tech. Note No. 145, Computer Systems Laboratory, Stanford University, Stanford, California, November 1978.

M. Danielle Beaudry

WORK ADDRESS: Center for Reliable Computing, Computer Systems Laboratory  
Departments of Computer Science and Electrical Engineering  
Stanford University  
Stanford, CA 94305  
(415) 497-1448

[REDACTED]

[REDACTED]

[REDACTED]

**BIOGRAPHY**

[REDACTED]

EDUCATION:

|       |          |                                                       |      |
|-------|----------|-------------------------------------------------------|------|
| B.S.  | M.I.T.   | Physics                                               | 1969 |
| M.S.  | Stanford | Electrical Engineering                                | 1974 |
| M.S.  | Stanford | Statistics                                            | 1977 |
| Ph.D. | Stanford | Electrical Engineering with<br>Computer Science minor | 1978 |

EDUCATIONAL HONORS:

National Merit Scholarship 1965-1969  
National Honor Society Scholarship (declined) 1965  
IBM Graduate Fellowship 1974-1976

PROFESSIONAL ACTIVITIES:

Member of AAAS, ACM, IEEE Computer Society, SWE, WISE, Sigma Xi  
Treasurer of Santa Clara Group of IEEE Computer Society (1977-1978)  
Publicity Chairwoman for Fifth Annual Symposium on Computer  
Architecture, Palo Alto, 3-5 April 1978  
Session Chairwoman for 3rd USA-Japan Computer Conference, San Francisco,  
10-12 October 1978

PROFESSIONAL EXPERIENCE:

Lecturer in Computer Science (April-June 1979)

Computer Science Department, Stanford University

Computer Science 105, Introduction to Computing. Undergraduate  
course using the programming language PASCAL.

Research Associate (April 1978 - present)

Center for Reliable Computing, Computer Systems Laboratory  
Stanford University

Research on performance and reliability evaluation of computing  
systems. Supervisor: Prof. Edward J. McCluskey.

Teaching assistant (October-December 1977)

Electrical Engineering Department, Stanford University

Computer Science 311, (also Electrical Engineering 482), Advanced Computer Organization. Graduate course in computer architecture.

Research assistant (July 1976 - September 1977 and January-April 1978)

Digital Systems Laboratory, Stanford University

Research on the performance and reliability of gracefully degrading computing systems. Supervisor: Prof. Edward J. McCluskey.

IBM Graduate fellow (October 1974 - June 1976)

Digital Systems Laboratory, Stanford University

Research on dual redundant and gracefully degrading computer systems. Supervisor: Prof. Edward J. McCluskey.

Research assistant (April 1974 - September 1974)

Digital Systems Laboratory, Stanford University

Research on dual redundant computer systems.  
Supervisor: Prof. Edward J. McCluskey.

Systems engineer (April 1973 - March 1974)

Hewlett-Packard Corporation, Santa Clara, California

Programming support for graphics package and instrument interfaces for Fourier Analyzer computer systems.

Programmer (October 1969 - March 1973)

Fairchild Semiconductor, Mountain View, California

Programming in computer-aided design of integrated circuits.

CONSULTING:

National Semiconductor, 1978

Hughes, 1973-

Technology Development Corporation, 1979

PUBLICATIONS:

"A Markov model for reconfigurable computer systems," (with E. Fregni), Tech. Note No. 43, Digital Systems Lab., Stanford Univ., 1974.

"Dual redundancy -- a survey," Tech. Note No. 93, Digital Systems Lab., Stanford Univ., April 1977.

"Performance related reliability measures for computing systems," Tech. Note No. 101, Digital Systems Lab., 1976.

"Performance-related reliability measures for computing systems," Proc. FTCS-7, 7th Annual International Conference on Fault-Tolerant Computing, pp. 16-21, June 1977.

"Performance considerations for the reliability analysis of computing systems," Ph.D. Dissertation, Stanford Univ., April 1978.

"Performance considerations for reliability analysis: A statistical case study," Tech. Note. No. 126, Digital Systems Lab., Stanford Univ., 1976.

"A statistical analysis of service interruptions at the SLAC Triplex multiprocessor," Tech. Rpt. No. 141, Digital Systems Lab., 1978.

"Performance considerations for reliability analysis: A statistical case study," Proc. FTCS-8, Eighth Annual International Conference on Fault-Tolerant Computing, Toulouse, France, p. 198, June 1978.

"Performance-related reliability measures for computing systems," IEEE Trans. on Computers, Special Issue on Fault-Tolerant Computing, June 1978, pp. 540-547.

"A statistical analysis of failures in the SLAC computing center," Digest of Papers, Spring COMPCON 79, San Francisco, CA, pp. 49-52, 26 February - 1 March 1979.

"Stochastic behavior of failures in computing systems," Tech. Note, Computer Systems Lab., (in preparation).